Spam impersonating messages from Facebook
Published: 2013/02/02
Facebook-themed lures are as popular as ever.
"You have a new comment", "change your password", and so on.
The URLs the spam links to look like this:
http://www.cross-capital.cc/fb_recoverr.html
http://calendar.aretesw.com/fb_recoverr.html
http://higginsteam.voitco.com/fb_recoverr.html
http://ultimatebabyguide.com/recovr_fbcom.html
http://www.dobrekomputery.ovh.org/recovr_fbcom.html
From there the victim is redirected to
http://capeinn.net/detects/win_units.php
This is not the currently popular BHEK2; the code looks like ZeuS.
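As an added example (not part of the original post), the two-step chain described above can be hunted for in web proxy logs by matching on URL paths rather than on the host names, since the landing pages sit on many different sites. The log format, the 60-second correlation window and the generalised `/detects/*.php` pattern are assumptions; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Landing-page file names seen in the spam links above.
LANDING_RE = re.compile(r"/(fb_recoverr|recovr_fbcom)\.html$", re.I)
# Second stage on the page is /detects/win_units.php; generalised here (assumption).
STAGE2_RE = re.compile(r"^/detects/[\w-]+\.php$", re.I)
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed proxy log lines: "<ISO time> <client IP> <URL>"
SAMPLE_LOG = """\
2013-02-02T09:15:01 10.0.0.21 http://ultimatebabyguide.com/recovr_fbcom.html
2013-02-02T09:15:03 10.0.0.21 http://capeinn.net/detects/win_units.php
2013-02-02T09:20:10 10.0.0.35 http://www.cross-capital.cc/fb_recoverr.html
2013-02-02T09:31:44 10.0.0.35 http://example.com/index.html
2013-02-02T10:02:00 10.0.0.40 http://example.org/detects/report.php
"""

def parse(log_text):
    """Yield (timestamp, client, split URL) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, url = parts
        yield datetime.fromisoformat(ts), client, urlsplit(url)

def find_chain_hits(log_text, window=WINDOW):
    """Map each client that opened a landing page to 'landing_only' or,
    if a second-stage request followed within the window, 'reached_stage2'."""
    last_landing = {}  # client -> time of most recent landing-page request
    verdict = {}
    for ts, client, u in sorted(parse(log_text), key=lambda r: r[0]):
        if LANDING_RE.search(u.path):
            last_landing[client] = ts
            verdict.setdefault(client, "landing_only")
        elif STAGE2_RE.match(u.path) and client in last_landing:
            if ts - last_landing[client] <= window:
                verdict[client] = "reached_stage2"
    return verdict

if __name__ == "__main__":
    for client, stage in find_chain_hits(SAMPLE_LOG).items():
        print(client, stage)
```

A client marked `reached_stage2` followed the redirect and should be triaged first; a `/detects/` request with no preceding landing page (the last sample line) is deliberately not flagged.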
The attack site is located in South Korea.
capeinn.net has address 222.238.109.66

[ Network Information ]
IPv4 Address : 222.232.0.0 - 222.239.255.255 (/13)
Service Name : broadNnet
Organization Name : SK Broadband Co Ltd
Organization ID : ORG3930

[ Network Information ]
IPv4 Address : 222.238.64.0 - 222.238.127.255 (/18)
Network Name : HANANET-INFRA
Organization Name : SK Broadband Co Ltd
Organization ID : ORG3930
by jyake